Jason Stelzer on 30 Dec 2008 13:22:08 -0800



Re: [PLUG] migrating to AD user with Likewise Open


On Tue, Dec 30, 2008 at 2:07 PM, Mag Gam <magawake@gmail.com> wrote:
> To be on topic, I too have a very similar question
>
> Presently, at my company we use AD for all authentication and as an
> application developer my biggest challenge is to integrate
> authentication into our apps. The authentication team simply does not
> answer or understand my question. Of course, there is a possibility I
> am asking it wrong :-)
>
> As an alternative, we created a database with usernames and passwords
> and all of our applications use this db. We are in our own
> island...which is not good IMO
>
> I am no expert in AD whatsoever, but if I know my username, password,
> and domain is there a library (C/C++/Java/Perl) I can use to test my
> authentication?
>


It's not quite that simple. AD is actually LDAP with some 'extra' stuff.

That said, we use AD as our single sign on backend for our
linux/windows/apps. The trick is knowing the ldap schema your
organization uses. It's very simple and standard to query it. We moved
away from pure ldap to a kerberos ticket system, but the fundamentals
remain the same. We just happen to use kerberos to do the auth and use
ldap to retrieve roles/groups.

You'll need to know your organization's DN (distinguished name), the
name of the AD box you want to connect to as well as a user/password
to bind (connect) with. I suppose you could just try the bind with the
username/password for a pass/fail type of auth. But if you want to
look up stuff like roles/groups, you'll have a little more work to do.
Once you're connected, you can look up whatever public information you
want in the ldap directory.

LDAP can be a very daunting thing to learn, but if you take your time
it'll make sense and you'll get what you need.

You can also configure pam to use ldap for authentication under linux.
There are lots of howtos out there.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
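
The pass/fail bind and the group lookup described in the message above, as an added example that is not part of the original post or any poster's code. The host, base DN and domain suffix are placeholders, `ldap3` is a third-party package assumed to be installed for the real bind, and `fake_directory` is a constructed stand-in so the logic runs offline.

```python
# Added example: AD pass/fail auth by LDAP simple bind, plus a group lookup.
AD_HOST = "dc1.example.com"      # assumed placeholder domain controller
BASE_DN = "DC=example,DC=com"    # assumed placeholder base DN
UPN_SUFFIX = "example.com"       # assumed placeholder AD domain

def escape_filter(value):
    """Escape RFC 4515 specials so user input cannot change the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(username):
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter(username)

def ldap3_directory(upn, password, search_filter):
    """Bind over LDAPS; return memberOf values, or None if the bind is refused."""
    from ldap3 import Server, Connection, SIMPLE  # lazy: only needed for real use
    conn = Connection(Server(AD_HOST, use_ssl=True), user=upn,
                      password=password, authentication=SIMPLE)
    if not conn.bind():
        return None
    try:
        conn.search(BASE_DN, search_filter, attributes=["memberOf"])
        return [str(g) for e in conn.entries
                for g in e.entry_attributes_as_dict.get("memberOf", [])]
    finally:
        conn.unbind()

def authenticate(username, password, directory=ldap3_directory):
    """Return the user's group DNs on success, None on any failure."""
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513, section 5.1.2) that a server may accept; never count it as a login.
    if not username or not password:
        return None
    upn = "%s@%s" % (username, UPN_SUFFIX)
    return directory(upn, password, user_filter(username))

# Constructed sample data standing in for a directory.
FAKE_USERS = {"alice@example.com":
              ("s3cret", ["CN=Devs,OU=Groups,DC=example,DC=com"])}

def fake_directory(upn, password, search_filter):
    if password == "":   # mimics a server that accepts unauthenticated binds
        return []
    stored = FAKE_USERS.get(upn)
    if stored is None or stored[0] != password:
        return None
    return stored[1]

if __name__ == "__main__":
    print(authenticate("alice", "s3cret", fake_directory))
    print(authenticate("alice", "", fake_directory))
```

A connection failure in `ldap3_directory` raises instead of returning `None`, so an unreachable domain controller is not reported as a wrong password.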